Worm Munches Away at Critical Windows Flaw
Article by George Norman
On 04 Nov 2008
The saga of the MS08-67 security flaw that affects Windows XP, Vista, Windows 2000, Server 2003 and Server 2008 continues. First there was the out-of-date patch released by Microsoft late October, which caught everyone’s eye because Microsoft rarely breaks the update cycle it has in place, unless the problem is big, it affects a fundamental part of the Windows OS, and is exploitable. After the patch was released, a round of explanations ensued, since everyone was intrigued and wanted to find out more about the flaw. The next chapter in this saga was releasing an exploit in the wild such as the Milw0rm and Metasploit ones.

Just as the security experts were expecting, a worm that takes advantage of unpatched, vulnerable Windows-based systems has been detected in the wild. A notice caught my eye the other day - it seems that F-Secure, company that specializes in providing antivirus software solutions and internet security, has detected a worm loose on the net that it is capable of exploiting the MS08-67 vulnerability.


“The exploit payload downloads a dropper that we detect as Trojan-Dropper.Win32.Agent.yhi. The dropped components include a kernel mode DDOS-bot that currently has a selection of Chinese targets in its configuration. The worm component is detected as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg.” says F-Secure.

Symantec, company best known for its Norton Internet Security and Norton 360 security software, also detected a worm that exploits MS08-67 and has called it “Wecorl”. Once the worm infects a system it attempts to download software to that machine (which is most likely malware) and then tries to connect with other machines on the local subnet.

The worm affects only Windows 2000, XP, and Server 2003 – for these operating systems the MS08-67 flaw was deemed critical. Windows Vista and Server 2008, for whom the flaw is only “important”, are currently safe from the worm menace, but who is to say if that will remain so. The best course of action is to patch your Windows OS and update your antivirus software.

Tags: Microsoft, Windows, MS08-67
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 14 Aug 2017
Opera Max, the Android app that uses compression technology to help you save data and get up to 50% more from your data plan, has been discontinued. The app is no longer featured on Opera.com and it’s no longer listed on Google Play.
By George Norman on 14 Aug 2017
In a TV industry first, Samsung announced that all of its 2016 and 2017 smart TVs can stream PC games via the Steam Link app, which basically renders the $50 Steam Link hardware useless.
Related News
By George Norman on 22 Mar 2017
Buying a new computer is no easy thing. It is a big investment and a big decision that you shouldn’t just rush into. That’s why you have to mull things over and ask yourself a few very important questions.
By George Norman on 07 Jun 2017
Yes, I know that the global PC market is in a downwards spiral for its nth quarter and that mobile usage is on the rise. Still, I argue that a desktop PC is better than all the other alternatives.
By George Norman on 31 May 2017
Having lots of devices connected to your network and the internet isn't a problem, as long as you keep the bad guys out of the picture. That’s crucial, because they'll exploit any vulnerability that they can find.
By George Norman on 20 Mar 2017
Google Chrome, the web browser that has more than 1 billion users and loads more than 771 billion pages each month, is best known for its minimal interface, lightning fast speed, and wealth of settings. Hidden among them are...
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Worm Munches Away at Critical Windows Flaw
HTML Linking Code